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Abstract 

The framework of light logics has been extensively studied to con- 
trol the complexity of higher-order functional programs. We pro- 
pose an extension of this framework to multithreaded programs 
with side effects, focusing on the case of polynomial time. After 
introducing a modal A-calculus with parallel composition and re- 
gions, we prove that a realistic call-by-value evaluation strategy 
can be computed in polynomial time for a class of well-formed 
programs. The result relies on the simulation of call-by-value by 
a polynomial shallow-first strategy which preserves the evaluation 
order of side effects. Then, we provide a polynomial type system 
that guarantees that well-typed programs do not go wrong. Finally, 
we illustrate the expressivity of the type system by giving a pro- 
gramming example of concurrent iteration producing side effects 
over an inductive data structure. 

Categories and Subject Descriptors D.3 [Programming Lan- 
guages]: Formal Definitions and Theory; F.2 [Analysis of Algo- 
rithms and Problem Complexity]: General 

Keywords A-calculus, side effect, region, thread, resource analy- 
sis. 

1. Introduction 

Quantitative resource analysis of programs is a challenging task 
in computer science. Besides being essential for the development 
of safety-critical systems, it provides interesting viewpoints on the 
structure of programs. 

The framework of light logics (see e.g. LLL 1 12], ELL [ 10], 
SLL [13]) which originates from Linear Logic ["11], have been 
deeply studied to control the complexity of higher-order functional 
programs. In particular, polynomial time A-calculi (3, UM have 
been proposed as well as various type systems |8i@] guaranteeing 
complexity bounds of functional programs. Recently, Amadio and 
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the author proposed an extension of the framework to a higher- 
order functional language with multithreading and side effects 1 16], 
focusing on the case of elementary time (ELL). 

In this paper, we consider a more reasonable complexity class: 
polynomial time. The functional core of the language is the light 
A-calculus 1 18] that features the modalities bang (written '!') and 
paragraph (written '§') of LLL. The notion of depth (the number 
of nested modalities) which is standard in light logics is used to 
control the duplication of data during the execution of programs. 
The language is extended with side effects by means of read and 
write operations on regions which were introduced to represent 
areas of the store 1 15]. Threads can be put in parallel and interact 
through a shared state. 

There appears to be no direct combinatorial argument to bound 
a call-by-value evaluation strategy by a polynomial. However, 
the shallow-first strategy (i.e. redexes are eliminated in a depth- 
increasing order) is known to be polynomial in the functional 
case 0, fl3l - Using this result, Terui shows 1 18] that a class of 
well -formed light A-terms strongly terminates in polynomial time 
(i.e. every reduction strategy is polynomial) by proving that any 
reduction sequence can be simulated by a longer one which is 
shallow-first. Following this method, our contribution is to show 
that a class of well-formed call-by-value programs with side ef- 
fects and multithreading can be simulated in polynomial time by 
shallow-first reductions. The bound covers any scheduling policy 
and takes thread generation into account. 

Reordering a reduction sequence into a shallow-first one is non- 
trivial: the evaluation order of side effects must be kept unchanged 
in order to preserve the semantics of the program. An additional 
difficulty is that reordering produces non call-by-value sequences 
but fails for an arbitrary larger relation (which may even require 
exponential time). We identify an intermediate outer-bang relation 
— i>ob which can be simulated by shallow-first ordering and this 
allows us to simulate the call-by-value relation — s> v which is 
contained in the outer-bang relation. We illustrate this development 
in Figure Q] 

The paper is organized as follows. We start by presenting the 
language with multithreading and regions in Section [2] and define 
the largest reduction relation. Then, we introduce a polynomial 
depth system in Section [3] to control the depth of program occur- 
rences. Well-formed programs in the depth system follow Terui's 
discipline lloTI on the functional side and the stratification of re- 
gions by depth level that we introduced previously 1 16]. We prove 
in Section|4]that the class of outer-bang strategies (containing call- 
by-value) can be simulated by shallow-first reductions of exactly 
the same length. We review the proof of polynomial soundness of 
the shallow-first strategy in Section [5] We provide a polynomial 
type system in Section[6]which results from a simple decoration of 
the polynomial depth system with linear types. We derive the stan- 
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Figure 1. Simulation by shallow-first ordering 



dard subject reduction proposition and progress proposition which 
states that well-types programs reduce to values. Finally, we illus- 
trate the expressivity of the type system in Section [7j by showing 
that it is polynomially complete in the extensional sense and we 
give a programming example of a concurrent iteration producing 
side effects over an inductive data structure. 



denoted by FV(Af). The number of free occurrences of x in M 
is denoted by FO(x, M). The number of free occurrences in M is 
denoted by FO(Af). M[N/x] denotes the term M in which each 
free occurrence of x has been substituted by TV. 

Each program has an abstract syntax tree where variables, re- 
gions and unit constants are leaves, A-abstractions and f-terms have 
one child, and applications and let f -binders have two children. An 
example is given in Figure [5] A path starting from the root to a 
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Figure 3. Syntax tree and addresses of P 



2. A modal A-calculus 

with multithreading and regions 

As mentioned previously, the functional core of the language is a 
modal A-calculus with constructors and destructors for the modali- 
ties '!' and '§' that are used to control the duplication of data. The 
global store is partitioned into a finite number of regions where 
each region abstracts a set of memory locations. Following Q|], 
side effects are produced by read and write operators on regions. 
A parallel operator allows to evaluate concurrently several terms 
which can communicate through regions. As we shall see in Sec- 
tion [JJ this abstract non-deterministic language entails complexity 
bounds for languages with concrete memory locations representing 
e.g. references, channels or signals. 

The syntax of the language is presented in Figure [2] We have 

-variables x, y, . . . 
-regions r,r', . . . 

-terms M ::= x \ r | * | Xx.M \ MM \ \M \ %M 
let \x = M in M | let §:r = M in M 
get(r) | set(r,M) | (M || M) 

-stores S ::= M \ (S || S) 

-programs P ::= M\S\ (P \\ P) 



Figure 2. Syntax of the language 

the usual set of variables x, y, . . . and a set of regions r, r', . . . 
The set of terms M contains variables, regions, the terminal value 
(unit) *, A-abstractions, applications, modal terms \M and §M 
(resp. called !-terms and §-terms) and the associated let !-binders 
and let § -binders. We have an operator get(r) to read a region r, an 
operator set(r, M) to assign a term M to a region r and a parallel 
operator (M \\ N) to evaluate M and N in parallel. A store 5* is 
the composition of several assignments r <= M in parallel and 
a program P is the combination of several terms and stores in 
parallel. Note that stores are global, i.e. they always occur in empty 
contexts. 

In the following we write f for f £ {!, §} and we define t°M = 
M and \ n+1 M = ]{] n M). Terms Xx.M and let \x = N in M 
bind occurrences of x in M. The set of free variables of M is 



node of the tree denotes an occurrence of the program whose ad- 
dress is a word w £ {0, 1}* hereby denoted in exponent form. We 
write w C w' when w is a prefix of w' . We denote the number of 
occurrences in P by \P\. 

The operational semantics of the language is given in Figure [4] 
In order to prove the later simulation result, the largest reduction 
relation — > (which shall contain call-by-value) is presented. 

-structural rules- 
P\\P' = P' || P 
(P || P') || P" = P || (P' || P") 

-evaluation contexts- 
E :~ [■} | Xx.E | EM | ME | \E \ §E 

let \x = E in M | let §a; = E in M 
let \x = M in E j let \x = M in E 

set(r,E)\r^E\(E\\P) | (P || E) 



-reduction rules- 



08) 


E[(Xx.M)N] - 


->■ E[M[N/x]} 


(0 


P[let \x = \N in M] - 


->■ P[M[TV/xj] 


(§) 


E[\et §£ = §7V in M] - 


->• E[M[N/x\] 


(get) 


P[get(r)] || r <= M - 


->• E[M] 


(set) 


E[set(r,M)] - 


->■ E[*] || r <= M-if FV(M) = 


(gc) 


E[* || M] - 


->■ E[M] 



Figure 4. Operational semantics 



Programs are considered up to a structural equivalence = which 
contains the equations for a-renaming, commutativity and associa- 
tivity of parallel composition. Reduction rules apply modulo struc- 
tural equivalence, in an evaluation context E which can be any pro- 
gram with exactly one occurrence of a special variable '[•]', called 
the hole. We write E[M] for E[M /[■]]. Each rule is identified by its 
name. (/?) is the usual /3-reduction. (f ) are rules for filtering modal 
terms, (get) is for consuming a term from a region, (set) is for as- 
signing a closed term to a region, (gc) is for erasing a terminated 
thread. 

First, note that the reduction rule (set) generates a global assign- 
ment, that is out of the evaluation context E. In turn, we require M 



to be closed such that it does not contain variables bound in E. Sec- 
ond, several terms can be assigned to a single region. This cumu- 
lative semantics allows the simulation of several memory locations 
by a single region. In turn, reading a region consists in consuming 
non-deterministically one of the assigned terms. 

The reduction is very 'liberal' with side effects. The contexts 
(P || E) and (E || P) embed any scheduling of threads. Moreover, 
contexts of the shape r E allow evaluation in the store as 
exemplified in the following possible reduction: 



set(r, A:r.get(r)) 



M — > * || r <= Ax.get(r) || r 
— y * r <= Xx.M 



M 



In the rules (/3), (f), (gc), the redex denotes the term inside the 
context of the left hand-side and the contractum denotes the term 
inside the context of the right hand-side. In the rule (get), the redex 
is get(r) and the contractum is M. In the rule (set), the redex 
is set(r, M) and the contractum is M. Finally, — > + denotes the 
transitive closure of — y and — y* denotes the reflexive closure of 



3. A polynomial depth system 

In this section, we first review the principles of well-formed light 
A-terms (Subsection [XT) and then the stratification of regions by 
depth level (Subsection 13.2b . Eventually we combine the two as 
a set of inference rules that characterizes a class of well-formed 
programs (Subsection l3.3t . 

3.1 On light A-terms 

First, we define the notion of depth. 

Definition 1. The depth d(w) of an occurrence w in a program 
P is the number of t labels that the path leading to the end node 
crosses. The depth d(P) of program P is the maximum depth of its 
occurrences. 

With reference to Figure[3] d(01000) = d(01010) = d(100) = 
d(1000) = d(10000) = d(10001) = 1, whereas other occur- 
rences have depth 0. In particular, d(0100) = d(0101) = d(10) = 
0; what matters in computing the depth of an occurrence is the num- 
ber of t's that precede strictly the end node. Thus d(P) = 1. In the 
sequel, we say that a program occurs at depth i when it corresponds 
to an occurrence of depth i. For example, get(r) occur at depth 

in P. We write —y when the redex occurs at depth i; we write |P|j 
for the number of occurrences at depth i of P. 
Then we can define shallow-first reductions. 

Definition 2. A shallow-first reduction sequence Pi — ^ P2 -^-y 

. . . P„ is such that m < n implies i m < i n . A shallow-first 
strategy is a strategy that produces shallow-first sequences. 

The polynomial soundness of shallow-first strategies relies on 

i 

the following properties: when P — y* P', 

d{P')<d(P) (3.1) 
|P'| 3 ■< \P\i forj <i (3.2) 
\P'\i < \P\i (3.3) 



IP' I < |P| : 



(3.4) 



To see this in a simple way, assume P is a program such that 
d(P) = 2. By properties J3.lt . J3.2t . J3.3t we can eliminate all the 

1 

redexes of P with the shallow-first sequence P — ►* P' — y* 

2 

P" — >* P'". By property {g}, |P'"| < |P| 8 .Bv properties f33l 
the length I of the sequence is such that I < \P \ + |P | + |P"| = p. 



Since we can show that p < |P| we conclude that the shallow-first 
evaluation of P can be computed in polynomial time. 

The well-formedness criterions of light A-terms are intended to 
ensure the above four properties. These criterions can be summa- 
rized as follows: 

• A-abstraction is affine: in Xx.M, x may occur at most once and 
at depth in M. 

• let '-binders are for duplication: in let \x = M in TV, x may 
occur arbitrarily many times and at depth 1 in TV. 

• let §-binders are affine: in let §:r = M in TV, x may occur at 
most once and at depth 1 in TV. The depth of x must be due to a 
§ modality. 

• a !-term may contain at most one occurrence of free variable, 
whereas a §-term can contain many occurrences of free vari- 
ables. 

By the first three criterions, we observe the following. The depth 
of a term never increases (property J3.lt ) since the reduction rules 
(/?),(■) and (§) substitute a term for a variable occurring at the same 
depth. Reduction rules (/?) and (§) are strictly size-decreasing since 
the corresponding binders are affine. A reduction (!) is strictly size- 
decreasing at the depth where the redex occurs but potentially size- 
increasing at deeper levels. Therefore properties J3.2t and J3.3t 
are also guaranteed. The fourth criterion is intended to ensure a 
quadratic size increase (property J3.4t ). Indeed, take the term Z 
borrowed from [18] that respects the first three criterions but not 
the fourth: 

Z = Ax. let Ix = x in \(xx) 



.(Z(Z\y)) 



Kvv---v) 



(3.5) 



It may trigger an exponential size explosion by repeated application 
of the duplicating rule (!). The following term 

Y = Ax. let \x — x in §(a;a;) 

Y...(Y(Y \y)) 

n limes (3.6) 
— ►* Y . . . (F(Y(let \x = §(yy) in %(xx)))) -+> 



respects the four criterions but cannot be used to apply (!) expo- 
nentially. 

3.2 On the stratification of regions by depth 

In our previous work on elementary time llol . we analyzed the 
impact of side effects on the depth of occurrences and remarked that 
arbitrary reads and writes could increase the depth of programs. In 
the reduction sequence 

{\x.set(r,x) || §get(r))!M — s>* §get(r) || r <= \M 

— y §!M (3J) 

the occurrence M moves from depth 1 to depth 2 during the last 
reduction step, because the read occurs at depth while the write 
occurs at depth 1. 

Following this analysis, we introduced region contexts in order 
to constrain the depth at which side effects occur. A region context 

R = n : 5x,.-.,r„ : 5 n 

associates a natural number Si to each region r, in a finite set of 
regions {ri, . . . , r„} that we write dom(R). We write R(ri) for 
Si. Then, the rules of the elementary depth system were designed 
in such a way that get(r^) and set(ri, M) may only occur at depth 
Si, thus rejecting J3.7t . 



Moreover, we remarked that since stores are global, that is 
they always occur at depth 0, assigning a term to a region breaks 
stratification whenever <5; > 0. Indeed, in the reduction 



§set(r,M) 



M 



(3.8) 



where R(r) should be 1, the occurrence M moves from depth 1 to 
depth 0. Therefore, we revised the definition of depth as follows. 

Definition 3. Let P be a program and R a region context where 
dom(R) contains all the regions of P. The revised depth d(w) of 
an occurrence w of P is the number of] labels that the path leading 
to the end node crosses, plus R(r ) if the path crosses a store label 
r •<=. The revised depth d(P) of a program P is the maximum 
revised depth of its occurrences. 

By considering this revised definition of depth, in < I3 . 8b the oc- 
currence M stays at depth 1. In Figure[5]we now get d(01000) = 
d(01010) = 1, d(10) = R(r) and d(100) = d(1000) = 
d(10000) = d(10001) = R(r) + 1. Other occurrences have depth 
0. From now on we shall say depth for the revised definition of 
depth. 

3.3 Inference rules 

Now we introduce the inference rules of the polynomial depth 
system. First, we define region contexts R and variable contexts 
r as follows: 

R = ri : Si, . . . ,r„ : S n 
T = X\ : Ui, . . . , x n : Un 

Regions contexts are described in the previous subsection. A vari- 
able context associates each variable with a usage u £ {A, §, !} 
which constrains the variable to be bound by a A-abstraction, a 
let §-binder or a let !-binder respectively. We write F u if dom(T) 
only contains variables with usage u. A depth judgement has the 
shape 

R;F h 4 P 

where 5 is a natural number. It should entail the following: 

• if x : A 6 r then x occurs at depth 8 in t 4 P, 

• if x : f € r then x occurs at depth S + 1 in f P, 

• if r : 5' € R then get(r)/set(r) occur at depth 5' in f P. 

The inference rules of the depth system are presented in Fig- 
ure|5] We comment on the handling of usages. Variables are intro- 
duced with usage A. The construction of !-terms updates the usage 
of variables to ! if they all previously had usage A. The construc- 
tion of §-terms updates the usage of variables to § for one part and 
! for the other part if they all previously had usage A. In both con- 
structions, contexts with other usages can be weakened. As a re- 
sult, A-abstractions bind variables occurring at depth 0, let '-binders 
bind variables occurring at depth 1 in !-terms or §-terms, and let §- 
binders bind variables occurring at depth 1 in §-terms. 

To control the duplication of data, the rules for binders have 
predicates which specify how many occurrences can be bound. A- 
abstractions and let §-binders are linear by predicate FO(a;, M) = 
1 and let !-binders are at least linear by predicate FO(:r, M) > 1. 

The depth 5 of the judgement is decremented when constructing 
t-terms. This allows to stratify regions by depth level by requiring 
that 5 = R(r) in the rules for get(r) and set(r, M). A store 
assignment r <= M is global hence its judgement has depth 
whereas the premise has depth R(r) (this reflects the revised notion 
of depth). 

Definition 4. (Well-formedness) A program P is well-formed if a 

judgement R; F \- s P can be derived for some R, F and S. 



x:\eF 
R;Fh s x 

FO(x,M) = 1 



R;F\- d * 



ftfl-'r 



R;Th s M R;T\- S N 
R-Fh s MN 

FO{x,N)>l R;T\- S M 
R;T,x:\\- s N 

R; T \- s let \x = M in N 

¥Q(x,N) = l R;T\- S M 
R; T\, A\ \- s+1 M R;T,x:§h s N 

R;Ti, A§, *a ^ 6 §M R-F h s let §z = M in N 



R;rh" Xx.M 

FO(M) < 1 
R;T X h 5+1 M 

R;T,,A h ^ x H 5 \M 



r:SeR 



SeR R;F h M 



R; T h 4 get(r) R; T h 4 set(r, M) 

SeR R;Fh s M i = 1, 2 R;T h 6 Pi 



R- rh%<= M 



R;T\- 6 (Pi || P 2 



Figure 5. A polynomial depth system 



Example 1. The program P of Figure\3\is well-formed by compo- 
sition of the two derivation trees of Figure\E\ The program Z given 
in i3.5\ is not well-formed. 

The depth system is strictly linear in the sense that it is not 
possible to bind occurrences. We shall see in Section [4] that it 
allows for a major simplification of the proof of simulation. How- 
ever, this impossibility to discard data is a notable restriction over 
light A-terms. In a call-by-value setting, the sequential composition 
M; N is usually encoded as the non well-formed term (Xz.N)A'I 
where z £ FV(iV) is used to discard the terminal value of M. 
We show that side effects can be used to simulate the discarding of 
data even though the depth system is strictly linear. Assume that we 
dispose of a specific region gr collecting 'garbage' values at each 
depth level of a program. Then M; iV could be encoded as the well- 
formed program (Xz.set(gr, z) \\ N)M. Using a call-by-value se- 
mantics, we would observe the following reduction sequence 



M: N 



V:N 



set( fl r, V) || N 



* || N || gr V 
N || gr <J= V 



where * has been erased by (gc) and V has been garbage collected 
into gr. 

Finally we derive the following lemmas on the depth system in 
order to get the subject reduction proposition. 

Lemma 1 (Weakening and Substitution). 

1. IfR; rh s P then R; Y, V h* P. 

2. IfR; r,i:Ah s M and R;T h s N 
then R;Fh s M[N/x]. 

3. IfR; F,x:§\- S M and R; F h 4 §iV 
then R;Fh s M[N/x]. 



4. IfR; F,x:\h"M and R; F 
thenR;Fh s M[N/x], 



IN 



Proposition 1 (Subject reduction). // R; T h P and P 

then R; F h 4 P' and d(P) > d(P'). 



P' 



r : 0;x : A h 1 x r : 0; x : A h 1 x r : 0; x : A h 1 x r : 0; x : X h 1 * 
r : 0;x : ! h° \x r : 0; x : ! h° %x r:0;i:Ah'i* 
r : 0; - h° r r : 0; x : ! h° r r : 0; x : ! h° !x§x r : 0; - h 1 Ax.x* 

r : 0; - h° get(r) r : 0; x : ! h° set(r, !x§x) r : 0; - h° !(Ax.x*) 

r : 0; - h° let !x = get(r) in set(r, !x§x) r : 0; - h° r <s= !(Ax.x*) 

Figure 6. Derivation trees 



4. Simulation by shallow-first 

In this section, we first explain why we need a class of outer-bang 
reduction strategies (Subsection |4. Q , Then, we prove that shallow- 
first simulates any outer-bang strategy and that the result applies to 
call-by-value (Subsection |4.2| (. 

4.1 Towards outer-bang strategies 

Reordering a reduction sequence into a shallow-first one is an 
iterating process where each iteration consists in commuting two 
consecutive reduction steps which are applied in 'deep-first' order. 

First, we show that this process requires a reduction which 
is strictly larger than an usual call-by-value relation. Informally, 
assume \V denotes a value. The following two reduction steps in 
call-by-value style 



set(r,fM) set(r,t^) — 
commute into the shallow-first sequence 



set(r, \M) 



\M 



w 



w 



which is obviously not call-by-value: first, we write a non-value 
\M to the store and second we reduce in the store! As another 
example, the following two reduction steps in call-by- value style 

{Xx.Xy.xy)\M (Xx.\y.xy)\V -±> Xy.(\V)y 
commute into the shallow-first sequence 

{Xx.Xy.xy)\M Xy.{\M)y A Xy.{]V)y 

which is not call-by- value: we need to reduce inside a A-abstraction 
and this is not compatible with the usual notion of value. 

Second, we show that an arbitrary relation like — > is too large 
to be simulated by shallow-first sequences. For instance, consider 
the following reduction of a well-formed program: 

let \x = !get(r) in §(xx) || r <= M 
let \x = \M in %xx) (4.1) 
A §(MM) 

This sequence is deep-first; it can be reordered into a shallow-first 
one as follows: 

let \x = !get(r) in §(xx) || r <= M 
§(get(r)get(r)) \\ r <= M (4.2) 
§(Mget(r)) -» 

However, the sequence cannot be confluent with the previous one 
for we try to read the region two times by duplicating the redex 
get(r). It turns out that a non shallow-first strategy may require 
exponential time in the presence of side effects. Consider the well- 
formed A-abstraction 

F = Ax. let §x = x in §set(r, x); !get(r) 

which transforms a §-term into a !-term (think of the type §A — o \A 
that would be rejected in LLL). Then, building on program Z given 



in l !3.5t , take 

Z = Ax. let !x = x in _F§(xx) 

We observe an exponential explosion of the size of the following 
well-formed program: 

Z'Z' ...Z'\* 

n times 

^* Z'Z' . ..Z' <jF%(**)) 

n—1 times 

^* Z'Z' . ..Z'J ,l{**)) || gr <= §* 

n—1 times 

— >f II P r ^ §* II ■ ■ ■ II g r ^ §* 

2 71 times 



77 times 



where gr is a region collecting the garbage produced by the se- 
quential composition operator of F. This previous sequence is not 
shallow-first since the redexes set(r, M) and get(r) occurring at 
depth 1 are alternatively applied with other redexes occurring at 
depth 0. A shallow-first strategy would produce the reduction se- 
quence 



.Z'\* 



!(**get(j-)get(r)...get(r)) || S 



where S is the same garbage store as previously but we observe no 
size explosion. 

Following these observations, our contribution is to identify an 
intermediate outer-bang reduction relation that can be simulated 
by shallow-first sequences. The keypoint is to prevent reductions 
inside !-terms like in sequence J4.1| >. For this, we define the outer- 
bang evaluation contexts F in Figure[7] They are not decomposable 

F :~ [■] | Ax.F | FM \ MF \ §F 

let fx = F in M \ let \x = A/ in F 
set(r, F) | (F \\ M) | (M \\ F) \r <= F 

Figure 7. Outer-bang evaluation contexts 

in a context of the shape E\\E'] and thus cannot be used to reduce 
in !-terms. In the sequel, — > Q b denotes reduction modulo evalua- 
tion contexts F. 

4.2 Simulation of outer-bang strategies 

After identifying a proper outer-bang relation — s> b, the main 
difficulty is to preserve the evaluation order of side effects by 
shallow-first reordering. For example, the following two reduction 
steps do not commute: 



Fi[set(r,Q)] || F 2 [get(r)] 
FxM || F 2 |get(r)] || r <= Q 
Fi[*) \\F 2 [Q] 



(4.3) 



We claim that this is not an issue since the depth system enforces 
that side effects on a given region can only occur at fixed depth, 
hence that i — j. Therefore, we should never need to 'swap' a read 
with a write on the same region. 

We can prove the following crucial lemma. 



Lemma 2 (Swapping). Let P be a well-formed program such that 
P -Aob Pi 

P — ^ob P' 



>ob Pi and i > j. Then, there exists P' such that 
>ob Pi- 



Proof. We write M the contractum of the reduction P — > b Pi 

and TV the redex of the reduction Pi — 4 b Pi- Assume they occur 
at addresses w m and w n in Pi. We distinguish three cases: (1) M 
and TV are separated (neither w m C w n nor w m □ w n ); (2) M 
contains TV (w m C. w n ); (3) TV strictly contains M (w m □ w n and 
w m 7^ w n ). For each of them we discuss a crucial subcase: 

1. Assume M is the contractum of a (set) rule and that TV is 
the redex of a (get) rule related to the same region. This case 
has been introduced in example i4.3\ where Al and TV are 
separated by a parallel node. By well-formedness of P, the 
redexes get(r) and set(r, Q) must occur at the same depth, that 
is i = j, and we conclude that we do not need to swap the 
reductions. 

2. If the contractum Al contains the redex TV, TV may not exist yet 
in P which makes the swapping impossible. We remark that, 
for any well-formed program Q such that Q — 4 G b Q', both the 
redex and the contractum occur at depth d. In particular, this is 
true when a contractum occurs in the store as follows: 

Q = F[set(r,T)] -4 ob Q 1 = F[*] \\ r <= T 

By well-formedness of Q, there exists a region context R such 
that R(r) = d and the redex set(r, T) occurs at depth d. By the 
revised definition of depth, the contractum T occurs at depth d 
in the store. As a result of this remark, M occurs at depth i and 
TV occurs at depth j. Since i > j, it is clear that the contractum 
M cannot contain the redex TV and this case is void. 

3. Let TV be the redex let §x = §P in Q and let the contractum 
Al appears in R as in the following reduction sequence 

P = P[let §a; = §P' in Q] 

-Aob Pi = P[let §:r = §P in Q] 

-4«b Pi = F[Q[R/x\] 

By well-formedness, x occurs exactly once in Q. This implies 

that applying first P P' cannot discard the redex in R' . 
Hence, we can produce the following shallow-first sequence of 
the same length: 

P = F[let §x = §P' in Q] -A ob P' = F[Q[R'/x]] 

—^ob P 2 = F[Q[R/x]} 

Moreover, the reduction P' — V Q b P2 must be outer-bang for x 
cannot occur in a !-term in Q. □ 

There are two notable differences with Terui's swapping pro- 
cedure. First, our procedure returns sequences of exactly the same 
length as the original ones while his may return longer sequences. 
The reason is that outer-bang contexts force redexes to be dupli- 
cated before being reduced, as in reduction d4.2t , hence our swap- 
ping procedure cannot lengthen sequences more. The other differ- 
ence is that his calculus is affine whereas ours is strictly linear. 



Therefore his procedure might shorten sequences by discarding re- 
dexes and this breaks the argument for strong polynomial termina- 
tion. His solution is to introduce an auxiliary calculus with explicit 
discarding for which swapping lengthens sequences. This is at the 
price of introducing commutation rules which require quite a lot of 
extra work to obtain the simulation result. We conclude that strict 
linearity brings major proof simplifications while we have seen it 
does not cause a loss of expressivity if we use garbage collecting 
regions. 

Using the swapping lemma, we show that any reduction se- 
quence that uses outer-bang evaluation contexts can be simulated 
by a shallow-first sequence. 

Proposition 2 (Simulation by shallow-first). To any reduction se- 
quence Pi — >* b P„ corresponds a shallow-first reduction se- 



quence Pi 



P n of the same length. 



Proof. By simple application of the bubble sort algorithm: traverse 
the original sequence from Pi to P n , compare the depth of each 
consecutive reduction steps, swap them by Lemma [2] if they are 
in deep-first order. Repeat the traversal until no swap is needed. 
Note that we never need to swap two reduction steps of the same 
depth, which implies that we never need to reverse the order of 
dependent side effects. For example, in Figure [8] the sequence 

P — +ob P' — ^ob P" — ^ob P'" is reordered into P -A oh 



C 



>ob B — > b P'" by 3 traversals. 



□ 
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P' 


1 


P" 
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As an application, we show that the simulation result applies to 
a call-by-value operational semantics that we define in Figure|9] We 



-values 
-terms 

-stores 

-programs 

-contexts 



V 
M 

S 
P 

Pv 



: x I * I r I Xx.M j \V 

■ V I MM I §M I let fa; = M 
get(r) I set(r,M) | [M \\ Al) 

■ r <= V ] (S || S) 

■ M I S I (P || P) 

: [•] I F V M I VF V I §F V 

let \x = P v in M I set(r, F v ) 
(P v || P) I (P || P v ) 

-reduction rules- 



n M 





F v [(Xx.M)V] - 


—K F v [M[V/x]} 


C-v) 


F v [let \x = IV in M] - 


—K F v \M[V/x\] 


(§v) 


P„[let §a; = §V in M] - 


-^v F v [M[V/x]] 


(getv) 


P„[get(r)] | r <= V ■ 


-^v F V [V] 


(set v ) 


F»[set(r,V)] ■ 


—K PvM II r <^ V 


(gCv) 


Pv[* II M] - 


—h, F v [Af] 



Figure 9. CBV syntax and operational semantics 

revisit the syntax of programs with a notion of value V that may be 
a variable, unit, a region, a A-abstraction or a f-value. Terms and 
programs are defined as previously (see Figure [2} except that \A1 
cannot be constructed unless M is a value. Store assignments are 
restricted to values. Evaluation contexts P v are left-to-right call-by- 
value (obviously we do not evaluate in stores). The call-by- value 



reduction relation is denoted by — > v and is defined modulo P v 
and =. 

From a programming viewpoint, we shall only duplicate values. 
This explains why we do not want to construct \M if M is not a 
value. 

Call-by-value contexts F v are outer-bang contexts since P v can- 
not be decomposed as E[\E'], This allows the relation — > b to 
contain the relation — K. As a result, we obtain the following 
corollary. 

Corollary 1 (Simulation of CBV). To any reduction sequence 
Pi — >* P n corresponds a shallow-first reduction sequence 
Pi — > * b P n of the same length. 

Remark that we may obtain a non call-by-value sequence but 
that the semantics of the program is preserved (we compute P n ). 



5. Polynomial soundness of shallow-first 

In this section we prove that well-formed programs admit polyno- 
mial bounds with a shallow-first strategy. We stress that this subsec- 
tion is similar to Terui's [18]; the main difficulty has been to design 
the polynomial depth system such that we could adopt a similar 
proof method. 

As a first step, we define an unfolding transformation on pro- 
grams. 

Definition 5. (Unfolding) The unfolding at depth i of a program 
P, written jf(P), is defined as follows: 

f(x) = x 
f (r) = r 



m 

f(Xx.M) 
f(MN) 

f (tM) = 



\xf(M) 
f(M)f(iV) 



ttt 1_1 (M) ifi>0 
\M ifi = 



( ifi = 0, M = \M' and\ = \: 
let \x = MM . . . M in f (JV) 



(let ]x = M in N) = I where k 



k times 

FO(x,f(N)) 



otherwise: 
I let lx = tf(M) inf(iV) 



f(get(r)) = get(r) 
f(set(r,M)) = set(r,f(M)) 
f (r <= M) = r <= f(M) 

m ii Pi) = rc-po ii 

This unfolding procedure is intended to duplicate statically the 
occurrences that will be duplicated by redexes occurring at depth i. 
For example, in the following reductions occurring at depth 0: 



let !a 



!M in (let ly = Ix in §(yy) \\ let ly = \x in §(yy)) 



— >* §{MM) || §(MM) 

the well-formed program P duplicates the occurrence M four 
times. We observe that the unfolding at depth of P reflects this 
duplication: 

f(P) = let \x = \M\M\M\M in 

(let \y — \x\x in §(yy) || let \y = \x\x in §(yj/)) 



Unfolded programs are not intended to be reduced. However, the 
size of an unfolded program can be used as a non increasing 
measure in the following way. 

Lemma 3. Let P be a well-formed program such that 
P ^P'.Then\t{P')\ < \f(P)\. 

Proof. First, we assume the occurrences labelled with '||' and 
'r <=' do not count in the size of a program and that 'set(r)' 
counts for two occurrences, such that the size strictly decreases by 
the rule (set). Then, it is clear that (!) is the only reduction rule that 
can make the size of a program increase, so let 



P = F[\et \x = IN in M] P' = F[M[N/x]] 



We have 



f(P) = P'[let \x = UVUV . . IN in f (M)] 



f{P')=F'[f{M\N/x\)) 

for some context F' and n — FO(a;, jj°(M)). Therefore we are left 
to show 

\f{M\N/x])\ < | let \x = \NW . . . IN in tt°(M)| 



which is clear since iV must occur n times in §°(M[N/x\ 



□ 



We observe in the following lemma that the size of an unfolded 
program bounds quadratically the size of the original program. 

Lemma 4. If P is well-formed, then for any depth i < d(P): 

1. FO(f (P)) < |P], 

2. |f(P)|<|P|-(|P|-l), 

Proof. By induction on P and i. □ 

We can then bound the size of a program after reduction. 
Lemma 5 (Squaring). Let P be a well-formed program such that 
P P'. Then: 

1. |P'| < |P| • (|P| - 1) 

2. the length of the sequence is bounded by \P\ 
Proof. 

1. By Lemma [3] it is clear that |f (P')| < If (P)|. Then by 
Lemma I4l2l we obtain |f (P')| < |P| ■ (|P| - 1). Finally it 
iscleai'that |P'| < |f (P')| thus |P'| < jP| ■ (|P| - 1). 

2. It suffices to remark |P'|» < \P\ t < \P\. □ 

Finally we obtain the following theorem for a shallow-first 
strategy using any evaluation context. 

Theorem 1 (Polynomial bounds). Let P be a well-formed program 
such that d(P) = d and P — >•* P' is shallow-first. Then: 

1. \P'\ < \P\ 2d 

2. the length of the reduction sequence is bounded by |P| 2 
Proof. The reduction P — 5-* P' can be decomposed as P = 

1 d-l d 

Pa Pi ■ ■ ■ P d Pd+i = P'. To prove (1), 

we observe that by iterating Lemma [5TTI we obtain \P d \ < \P \ 2 . 

Moreover it is clear that \P d +i\ < \Pd\- Hence |P'| < jP| 2d . To 
prove (2), we first prove by induction on d that |Po J + |Pi | + . . . + 



Pd\ < | Po| -By Lemma 15121 it is clear that the length of the 



reduction P — ►* P' is bounded by \P \ + \Pi\ 
which is in turn bounded by \Pq j 2 . 



+ \P d 



□ 



It is worth noticing that the first bound takes the size of all the 
threads into account and that the second bound is valid for any 
thread interleaving. 

Corollary 2 (Call-by- value is polynomial). The call-by-value eval- 
uation of a well-formed program P of size n and depth d can be 
computed in time 0(n 2 ). 

Proof. Let P — >■* P' be the call-by-value reduction sequence of 
the well-formed program P. By Corollary Q] we can reorder the 
sequence into a shallow-first sequence P — >* b P' of the same 
length. By TheoremQjwe know that its length is bounded by \P\ 2 
and that \P'\ < \P\ 2 " . □ 

6. A polynomial type system 

The depth system entails termination in polynomial time but does 
not guarantee that programs 'do not go wrong'. In particular, the 
well-formed program in l |3.6t get stuck on a non-value. In this sec- 
tion, we propose a solution to this problem by introducing a poly- 
nomial type system as a simple decoration of the polynomial depth 
system with linear types. Then, we derive a progress proposition 
which guarantees that well-typed programs cannot deadlock (ex- 
cept when trying to read an empty region). 

We define the syntax of types and contexts in Figure [10] Types 



-type variables 
-types 
-res. types 
-var. contexts 
-reg. contexts 



t,t', 

a 

A 

r 

R 



B | A 

t\l\A-»a\-\A\ Vt.A | Reg,, A 
Xi : (u!,Ai), ...,X n ■ (u n ,A n ) 
n : (Si, Ai), . . . ,r„ : (S„,A„) 



Figure 10. Syntax of types, effects and contexts 

are denoted with a, a',.... Note that we distinguish a special 
behaviour type B which is given to the entities of the language 
which are not supposed to return a result (such as a store or several 
terms in parallel) while types of entities that may return a result are 
denoted with A. Among the types A, we distinguish type variables 
t, t', . . ., a terminal type 1, a linear functional type A —o a, the 
type \A of terms of type A that may be duplicated, the type §A 
of terms of type A that may have been duplicated, the type Wt.A 
of polymorphic terms and the type Reg r A of regions r containing 
terms of type A. Hereby types may depend on regions. 

In contexts, usages play the same role as in the depth system. 
Writing x : (u, A) means that the variable x ranges on terms 
of type A and can be bound according to u. Writing r : (8, A) 
means that the region r contain terms of type A and that get(r) 
and set(r, M) may only occur at depth 8. The typing system will 
additionally guarantee that whenever we use a type Reg r A the 
region context contains a hypothesis r : (S, A). 

Because types depend on regions, we have to be careful in stat- 
ing in Figure QT| when a region-context and a type are compati- 
ble (R i «), when a region context is well-formed (R h), when 
a type is well-formed in a region context (R h a) and when a 
context is well-formed in a region context (R h F). A more in- 
formal way to express the condition is to say that a judgement 
n : (6i, Ai ),..., r n : (S n ,A n ) I- a is well formed provided that: 
(1) all the region constants occurring in the types Ai, . . . , A n , a 
belong to the set {n, . . . , r n }, (2) all types of the shape Reg,, B 
with i £ { 1, . . . , n} and occurring in the types Ai , . . . , A n , a are 
such that B = Ai. 



RIA Rla 
Rit Ril RIB Ri(A^a) 

RIA r:(8,A)eR R±A t <£ R 



Ri\A 

Vr : (8, A) £ R 
RIA 

rT 



R I Reg r ^l 

R h Rice 
R~Ta 



R i Mt.A 

\/x ■. (8, A)er 
Ry- a 
r h r 



Figure 11. Types and contexts 



Example 2. One may verify that the judgment r : (8,1 —o 
1) h Reg r (l — o 1) can be derived while judgements r : (8, 1) h 
Reg,, (1 — o 1) andr : (8, Reg r l) h 1 cannot. 

We notice the following substitution property on types. 

Proposition 3. If R h Wt.A and Rh B then R h A[B/t], 

A typing judgement takes the form: R;T \- s P : a. It attributes 
a type a to the program P occurring at depth 8, according to 
region context R and variable context T. Figure [72l introduces the 
polynomial type system. We comment on some of the rules. A 
A-abstraction may only take a term of result-type as argument, 
i.e. two threads in parallel are not considered an argument. The 
typing of f-terms is limited to result-types for we may not duplicate 
several threads in parallel. There exists two rules for typing parallel 
programs. The one on the left indicates that a program P2 in parallel 
with a store or a thread producing a terminal value should have the 
type of P2 since we might be interested in its result (note that we 
omit the symmetric rule for the program (P% || Pi)). The one on 
the right indicates that two programs in parallel cannot reduce to a 
single result. 

Example 3. The program of Figure\3\is well -typed according to 
the following derivable judgement: 

R; - h 4 let \x = get(r) in set(r, (\x)(§x)) \\ r ^= [(Xx.x-k) : 1 

where R = r : (5, Vt.!((l — o t) t)). Whereas the program 
in d3.6t is not. 



Remark 1. We can easily see that a well-typed program is also 
well-formed. 

The polynomial type system enjoys the subject reduction prop- 
erty for the largest relation — O — ^ b^ — V 

Lemma 6 (Substitution). 

1. If R;T,x : (A, A) h a M : B and R;T h 6 N : A then 
R;F\- S M\N/x] : B. 

2. IfR;T,x : (§,A) h 4 M : B and R; T h s §iV : §A then 
R;T\- S M[N/x] : B. 

3. If R;T,x : (I, A) \- s M : B and R;T IN : \A then 
R;T\- S M[N/x] : B. 

Proposition 4 (Subject Reduction). If R; F \- s P : a and P — ► 

P' then R: F h* P' : a. 



FO(x,M) = 1 

R\-F x:(X,A)eF R ^ T R \- T R;F,x : {X,A)\- S M : a 



R-^^x-.A R;T\- 6 *:1 R; F h d r : Reg r A R : F \- d Xx.M : A ^ a 

R;T \- s M : A —° a FO(M) < 1 R;F F s M : IA FO{x,N)>\ 

R;Fh s N:A R; T A \~ S+1 M : A R;F,x : (\,A) h 5 TV : a R; F x , A x \~ S+1 M : A 



R; F h MTV : a R; F,, A§, * A h* !M : \A R; F \- d let \x = M in TV : a P; r § , A, , * A P §M : §A 

P; T h" 5 M : §A FO(a;, TV) = 1 t £ (P; r) 

R;F,x : (§,A) h 4 TV : a R;T h s M : A R;F h 4 M :Vt.A R\~ B P h T r:(S,A)eR 



P; F \- s let §a; = M in TV : a R;T M : Mt.A R; F h* M : A[B/t] R; F \- 5 get(r) : A 

5 



r:{8,A) r: (S, A) R; F h s P 1 : 1 or Pi = 5 

D 2 



R:F \- s M : A R; F h a M : A R: F h 4 P 2 : a R; F h" Pi : on 



R; F h s set(r, M) : 1 R; T h° r <= M : B it; T h* (Pi || P 2 ) : a R; F (Pi || P 2 ) : B 

Figure 12. A polynomial type system 



Finally, we establish a progress proposition which shows that 
any well-typed call-by- value program (i.e. defined from Figure [9} 
reduces to several threads in parallel which are values or deadlock- 
ing reads. 

Proposition 5 (Progress). Suppose P is a closed typable call- 
by-value program which cannot reduce. Then P is structurally 
equivalent to a program 



Mi 



M m || Si || 



S n m,n > 



where Mi is either a value or can only be decomposed as a term 
P v [get(r)] such that no value is associated with the region r in the 
stores Si, . . . , S„. 

7. Expressivity 

We now illustrate the expressivity of the polynomial type sys- 
tem. First we show that our system is complete in the extensional 
sense: every polynomial time function can be represented (Subsec- 
tion |TT). Then we introduce a language with memory locations 
representing higher-order references for which the type system can 
be easily adapted (Subsection |T2). Building on this language, we 
give an example of polynomial programming (Subsection l7.3t . 

As a first step, we define some Church-like encodings in Fig- 
urel 131 where we abbreviate As. let ]x — x in M by X^x.M. We 
have natural numbers of type Nat, binary natural number of type 
BNat and lists of type List A that contain values of type A. 

7.1 Polynomial completeness 

The representation of polynomial functions relies on the repre- 
sentation of binary words. The precise notion of representation is 
spelled out in the following definitions. 

Definition 6. {Binary word representation) Let — \- b M : § p BNat 

for some 8,p G N. We say M represents w £ {0, 1}*, written 
M Ih w, ifM — >* § p w. 

Definition 7. (Function representation) Let — h 4 F : BNat — o 
§ d BNat where S,d 6 N and f : {0, 1}* -»■ {0, 1}*. We say F 
represents /, written F Ih /, if for any M and w € {0, 1}* such 
that — F S M: BNat and M Ih w, FM Ih f(w). 

The following theorem is a restatement of Girard ITHl and 
Asperti @]. 



Nat 

77 
77 



add 
add 



BNat 

for w = io . 

77J 
777 



[Ml, 
Ml, 



List A = 

..,u„] : 

■ ■ , Un] = 

list.it : 

list.it = 



Vt.I(i-ot) -o §(t-ot) 
Nat 

X f ■'(]{ X.r . j : . . . i / .c ; I i 



Nat -o Nat -o Nat 
Am.An.A ! /.let §y = m!/ in 
let §z = n\f in §(Xx.y(zx)) 

Vt.!(t -o t) -o \{t -^t)^> §(t ^> t) 

e{o,i}* 

BNat 

X'-x .Xx[.§(Xz.x io (. . . (x in z))) 

VtA(A -o t -o t) -« §(t-ot) 

List A 

A/'-§(As./iii(/u 2 . . . (fu n x))) 

Vw.Vt.!(w -o t -« t) -o List u §t §t 
A/.A/.A .r.lnt ;:,/ = If in §(1^) 



Figure 13. Church encodings 



Theorem 2 (Polynomial completeness). 

Every function f : {0, 1}* —¥ {0, 1}* which can be computed by 
a Turing machine in time bounded by a polynomial of degree d can 
be represented by a term of type BNat ^> § d BNat. 

7.2 A language with higher-order references 

Next, we give an application of the language with abstract regions 
by presenting a connection with a language with dynamic memory 
locations representing higher-order references. 

The differences with the region-based system are presented in 
Figure [14] We introduce terms of the form vx.M to generate a 
fresh memory location x whose scope is M. Contexts are call-by- 
value and allow evaluation under v binders. The structural rule (y) 
is for scope extrusion. Region constants have been removed from 
the syntax of terms hence reduction rules (get„) and (set„) relate 
to memory locations. The operational semantics of references is 
adopted: when assigning a value to a memory location, the previous 
value is overwritten, and when reading a memory location, the 



M ::= ... | i/a;.M 
Fu ■■■= F y | ^a;.F„ 

F v [vx.M] = vx.F u [M] 
ifx£ FV(F,) 



(get,) F v [get(x)] \\ x <= V 
(set,) F„[set(a5,V)] || x^= V 



F V [V] \\x<=V 
F v [*] \\x<=V 



R(r) = (6, \A) 
R;F,x: (u, Re Sr \A) h 4 M : B R; F \- s x : Reg r \A 



R;F\- A ux.M : B 



R{r) = (S, [A) 
R;T\- S x : Reg r \A 
R;T\- 5 M :\A 
R;Fh s set(x,M) : 1 



R;F \- A get(x) : \A 

R(r) = (5, \A) 
R;Fh s x: Reg,.L4 

R;F V : \A 
R; F h° x ^ V : B 



Figure 14. A call-by-value system with references 



value is copied from the store. We see in the typing rules that region 
constants still appear in region types and that a memory location 
must be a free variable that relates to an abstract region r by having 
the type Reg r A 

There is a simple translation from the language with memory 
locations to the language with regions. It consists in replacing the 
(free or bound) variables with a region type of the shape Reg r A by 
the constant r. We then observe that read access and assignments to 
references are mapped to several reduction steps in the system with 
regions. It requires the following observation: in the typing rules, 
memory locations only relate to regions with duplicable content 
of type \A. This allows us to simulate the copy from memory 
mechanism of references by decomposing it into a consume and 
duplicate mechanism in the language with regions. More precisely: 
an occurrence of get(x) where x relates to region r is translated 
into 



let 



V 



get(r) in set(r, \y) \\ \y 



such that 



F v [let \y = get(r) in set(r, \y) 
>t F\W] II r <= IV 



simulates the reduction (get,). Also, it is easy to see that a re- 
duction step (set,) can be simulated by exactly one reduction step 
(set v ). Since typing is preserved by translation, we conclude that 
any time complexity bound can be lifted to the language with ref- 
erences. 

Note that this also works if we adopt the operational seman- 
tics of communication channels; in that case, memory locations can 
also relate to regions containing non-duplicable content since read- 
ing a channel means consuming the value. 

7.3 Polynomial programming 

Using higher-order references, we show that it is possible to pro- 
gram the iteration of operations producing a side effect on an in- 
ductive data structure, possibly in parallel. 

Here is the function update taking as argument a memory 
location x related to region r and incrementing the numeral stored 
at that location: 

r : (3, !Nat); - h 2 update : !Reg r !Nat -o §1 -o §1 

update = A ! a;.A^.§(set(a;, let ly = get(:r) in !(add 2 y)) \\ z) 



The second argument z is to be garbage collected. Then we de- 
fine the program run that iterates the function update over a list 
[\x, \y, \z] of 3 memory locations: 

r : (3, !Nat) h 1 run : §§1 

run = list.it 'update [Ix, \y, \z] §§* 

All addresses have type !Reg r !l\lat and thus relate to the same 
region r. Finally, the program run in parallel with some store 
assignments reduces as expected: 

run | x <= !m || y <^ \n \\ z <^ \p 
— >t §§* II x <= !2 + m || y ■ 



12 + n || z <^ !2 + p 



Note that due to the Church-style encoding of numbers and lists, 
we assume that the relation — !>, may reduce under binders when 
required. 

Building on this example, suppose we want to write a program 
of three threads where each thread concurrently increments the 
numerals pointed by the memory locations of the list. Here is 
the function gen.th reads taking a functional / and a value x as 
arguments and generating three threads where x is applied to /: 

r : (3, !Nat) h° gen.threads : \/t.W.\(t -o t') -o H -o B 
gen.threads = A ! /.A ! x.§(/x) || §(/x) || §(/x) 

We define the functional F like run but parametric in the list: 

r : (3, !Nat) h 1 F : List !Reg,.!Nat -o §§1 
F = ALIistJt lupdate I §§* 

Finally the concurrent iteration is defined in run_th reads: 

r : (3, !Nat) h° run.threads : B 
run_threads = gen_threads !F \y, \z] 

The program is well-typed for side effects occurring at depth 3 and 
it reduces as follows: 

run.threads II x ■(= \fn. II n -t= \n II z <fc !? 

— m* ii 



!6 + m 



V <= '-n || 

y <= !6 + n \\ z 



!6 + p 

Note that different thread interleavings are possible but in this 
particular case they are confluent. 

8. Conclusion and Related work 

We have proposed a type system for a higher-order functional lan- 
guage with multithreading and side effects that guarantees termi- 
nation in polynomial time, covering any scheduling of threads and 
taking account of thread generation. To the best of our knowledge, 
there appears to be no other characterization of polynomial time 
in such a language. The polynomial soundness of the call-by-value 
strategy relies on the simulation of call-by-value by a shallow-first 
strategy which is proved to be polynomial. The proof is a signifi- 
cant adaptation of Term's methodology 1 18]: it is greatly simplified 
by a strict linearity condition and based on a clever analysis of the 
evaluation order of side effects which is shown to be preserved. 

Related work The framework of light logics has been previously 
applied to a higher-order 7r-calculus I14fl and a functional language 
with pattern-matching and recursive definitions | 6]. The notion of 
stratified regioi^\ has been proposed 0101 to ensure the termination 
of a higher-order multithreaded language with side effects . In 
the setting of synchronous computing, static analyses have been 
developed to bound resource consumption in a synchronous tv- 
calculus [2] and a multithreaded first-order language |3]. Recently, 
the framework of complexity information flow have been applied to 
characterize polynomial multithreaded imperative programs fnll . 



' Here we speak of stratification by means of a type-and-effect discipline, 
this is not to be confused with the notion of stratification by depth level that 
is used in the present paper. 
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